Firewall Management in Central

Suggest, discuss, and vote on new ideas for Firewall Management in Sophos Central. Powerful enterprise and multi-customer management for Sophos XG Firewall.


  1. Control & Monitor Pattern Updates

    I am only able to run firmware updates on a managed XG. There is no option to install pattern updates (e.g. Access Points, REDs) on a specific date.

    For everything else that is auto-updated I would like to have an option to monitor failures and situations where the device didn't find the latest patch. (I would like to have the logic inside of Central. Central should compare the installed and available version of each pattern reported from a local device against the latest available version on the cloud.)

    3 votes

    1 comment  ·  Single device management
  3. Visibly show when an XG backup circuit is in use in Central Admin

    When working with firewall management for Sophos XG firewalls within Sophos Central Admin there should be an alert or at least a dashboard visible icon showing that an XG is running on its backup link. This should be for cellular or any other link set to backup in the XG configuration.

    6 votes

    0 comments  ·  Customer dashboard features
  4. Autoresolve Alerts

    There are many situations where central raises more than one alert to a specific topic. Examples:
    - Firmware upgrade (Connection lost, Gateway up, Firewall upgrade completed)
    - VPN/RED connection lost (Connection lost, Connection reestablished)

    I would like to change the behavior of how alerts work in central. From my perspective it would be better, if an alert is archived, when the initial incident is resolved. In an example for VPN/RED alerts this would mean: An alert is raised, if any RED disconnects from the XG (current behavior). When the RED is reconnected, central should close the initial alert with an…

    3 votes

    0 comments  ·  Customer dashboard features
  5. Access to Log Files

    For advanced debugging I need access to an appliance's log files. Currently this is only available through the web console. It would be so perfect if Central would allow me to open a live trace and download option for the log files mentioned here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/LogFileDetails.html

    I don't need the files to be stored in Central reporting. That would be cool - but is not needed for the moment. But an option to run monitoring/machine learning on every single device log file (via Central API) would be outstanding.

    2 votes

    0 comments  ·  Partner dashboard features
  6. reordering, grouping and renaming of firewall rules

    since SFOS 17 we are able to
    - group firewall rules
    - move firewall rules as well as groups to change their position (and therefore the processing order)
    - automatically assign firewall rules to the first matching group (if selected)

    in central firewall manager none of this is currently possible, i.e. groups are not supported and you cannot change the position of rules

    in addition you cannot rename a rule after it has been created

    all of this should be possible via central. In the current state rule handling is unusable for our customers.

    8 votes

    0 comments  ·  Group Management
  7. Adding Firewalls to Sophos central using a Partner Super Admin Account

    It would be really great if adding firewalls to Sophos central is done in a different way instead of just using a local super admin account. We are an MSP with various customers that have Sophos central.

    Adding a local super admin account on each customer we have is not ideal. It means we need to have a separate active email account for each customer which is ridiculous, what if we have 100 customers, it defeats the purpose of ease of central management for MSPs.

    3 votes

    0 comments  ·  Partner dashboard features
  8. sophos central

    The Sophos Central Dashboard runs full with Warnings on IPsec Connections. Message codes 17801 and 17802. I already went through the log files of the XG (The XG does not show these Messages as warnings in the Dashboard) and found out that these messages correlate with the rekey margin. Since that does not mean that the connection is terminated or means an irregular event I do not want to see those warnings on the Central Dashboard.

    The result is that critical warnings are not being recognized...

    How can I make sure that the rekeying is not permanently combined with a…

    1 vote

    0 comments  ·  Customer dashboard features
  9. Improved Zero Touch deployment

    I would like to be able to deploy new firewalls using the Zero Touch deployment option, but not require using a USB stick to apply the initial configuration.

    31 votes

    0 comments
  10. MSP

    When you pull an MSP report from Sophos Central XG Firewall Dashboard for MSP XG License usage, It would be an idea that the report also pulls through the company name and company contact details on the report, instead of just the rest of the address and XG Serial number. Sophos support advised that Sophos does not currently support this feature.

    I think company name and company contact would be useful, so resellers easily know who you're billing, instead of looking up the serial number every time to see who the XG firewall belongs to.

    This was suggested as a…

    2 votes

    0 comments  ·  Customer dashboard features
  11. Sophos Connect VPN Client Independent Management Feature

    When users are disconnecting/connecting, XG fires email alerts and reports to Sophos Central that IPSec tunnel went down or IPSec Tunnel Reconnected. This times all users operating with this client get over-reported (false positive). We use site to site VPN to other sites, so turning off these alerts is not an option. I would strongly suggest being able to manage the client's VPN alerts independently.

    10 votes

    0 comments
  12. Manage authentication methods at the child group level

    I have several levels of group hierarchy configured to manage our firewalls. The top level is for the overall company, the second level is for corporate/production, and then there are third level child groups tied to location. I am creating my users at the top group level, so they can be managed centrally. I am able to create the authentication servers at the second level (production/corporate). However, it is not currently possible to set the actual authentication method at a child group level (You get an error message stating this can only be set at the top of the hierarchy).…

    2 votes

    0 comments
  13. Central Firewall Manager Alert Policy Editing

    Please allow other admins to edit the Alert profiles in CFM. Currently, only the admin that created an Alert Profile can edit that profile.

    4 votes

    0 comments  ·  Group Management
  14. Display Hostname on Tab or Menu

    When managing individual firewalls, please display the Hostname of the device currently being managed in the browser tab or title bar. Currently the tab displays "Sophos". This will help avoid confusion and costly mistakes when managing and configuring multiple devices.

    It would also be helpful to display the hostname next to the company name below the admin menu in the top-right corner of each page.

    4 votes

    1 comment  ·  Single device management
  15. Import firewall settings to create a group

    As a Sophos customer, I would like to be able to export the configuration from a single firewall, and use that as the starting point for a new firewall group's configuration.

    19 votes

    0 comments
  16. Move and copy firewall groups

    I am in the process of setting up groups for my locations and just came to the realization that I should place another group in between my current top level and children. Unfortunately, this means that all of the configuration that I've already completed on the children will need to be redone on newly created groups. Thankfully, I'm early in the process, but this still represents several days of work to get them synced.

    I would like to see the ability to move groups within the hierarchy, or at least provide a way to export/import or copy group policies to…

    6 votes

    0 comments  ·  Group Management
  17. Allow reporting in aggregate

    I would like to see the ability to review logs/IPS violations/DPI errors in aggregate in some fashion. This would allow the partner to make informed policy decisions and see a larger threat landscape than needing to review each customer in a vacuum.

    3 votes

    0 comments  ·  Partner dashboard features
  18. Set Backup Defaults for all firewalls

    It would be a useful feature to be able to set the configuration backup settings you want once and then have that apply automatically to any firewalls added in the future. As it stands currently each time you add a firewall you need to remember to go back in each time and set it to back up to Central.

    3 votes

    0 comments
  19. Sophos XG Cluster

    It would be important to be able to identify (and modify) an XG-Cluster and its state in Central.
    Actually a cluster-member is marked as not available, which, in fact, is not quite the correct system state of an A-P-Cluster Member (for the backup-device).

    7 votes

    0 comments  ·  Customer dashboard features

    We are working on improvements to support for HA firewalls, and will release this in two stages. Stage one will be available in a matter of days, allowing both members of an HA pair to be registered to Central, and placed in the same management group.

    Phase 2 will follow in a matter of months, and will make joining both devices to Central easier, and will show members of an HA pair as a single logical device in Central, reflecting the HA state, current primary device, etc.

  20. Centrally Change Admin Passwords

    With the recently disclosed firmware vulnerabilities requiring us to change the admin password on every appliance (twice in the last few months!), it would be extremely helpful to be able to select each firewall from the list, click a "reset admin password" link, and set the new password from Sophos Central. While we only have a small deployment of about 30 devices, it still takes a significant investment in time to remote into each device to change the password, apply firmware updates, etc. Central Administration should allow us to do simple tasks such as this without requiring us to log…

    4 votes

    0 comments  ·  Customer dashboard features